Hi, Many times when an NT or perhaps W2K machine connects to another machine it tries to do a NetBIOS name service lookup through port 137 from port 137. Although, often times, there are also probes using similiar traffic. I'm assuming this is UDP traffic? -Alex On Tue, 29 May 2001, Arnold, Jamie wrote: > > > We've seen a large amount of connection attempts to a specific machine here. > We're using FlowData to pull this info. Anyone have any ideas of what this > may be? > > Thanks > > Jamie > > > > 000d 128.226.189.170 0022 66.24.217.4 11 89 89 1 > > 78 > > > > 000d 128.226.189.170 00d5 1.221.189.190 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 1.61.189.192 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 119.155.168.215 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 121.105.79.232 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 125.137.12.113 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 129.154.77.141 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 134.247.39.107 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 134.42.192.122 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 135.22.102.194 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 135.4.50.147 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 136.13.84.150 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 14.231.253.147 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 146.72.91.64 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 148.86.180.95 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 151.68.154.128 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 152.60.155.51 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 152.97.52.216 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 154.105.98.60 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 154.80.101.19 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 155.43.239.69 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 155.8.238.170 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 156.26.119.63 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 158.126.202.150 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 159.175.162.138 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 16.14.55.150 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 164.138.171.20 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 171.69.87.56 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 177.42.105.139 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 179.150.73.14 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 181.78.196.75 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 187.65.70.131 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 188.174.121.81 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 188.199.104.81 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 188.60.131.65 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 213.215.214.65 11 89 89 5 > > 390 > > > > 000d 128.226.189.170 00d5 216.49.45.12 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 220.124.249.19 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 24.141.134.193 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 25.73.123.137 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 26.220.161.73 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 26.89.11.73 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 28.129.24.241 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 28.239.96.64 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 3.146.65.247 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 30.167.81.241 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 40.93.195.33 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 45.48.149.157 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 48.101.131.250 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 49.10.77.103 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 5.165.218.217 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 6.31.71.125 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 61.159.25.174 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 64.85.184.62 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 68.8.217.86 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 7.224.118.168 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 70.62.153.97 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 71.120.210.202 11 89 89 5 > > 390 > > > > 000d 128.226.189.170 00d5 73.55.70.95 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 73.8.171.67 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 8.253.107.151 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 80.54.72.198 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 88.206.16.135 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 91.149.163.232 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 96.107.104.159 11 89 89 2 > > 156 > > > > 000d 128.226.189.170 00d5 99.59.36.160 11 89 89 2 > > 156 > > > > ******************************** > > Frank Scoblick > > Computing Services > > Binghamton University > > E-mail: scoblickat_private > > Voice: 607-777-4232 > > Fax: 607-777-4009 > > ******************************** > > >
This archive was generated by hypermail 2b30 : Tue May 29 2001 - 20:42:35 PDT